GCP Firewall rule allows all traffic on HTTP port (80)
Description
Consider restricting access to HTTP port 80 to only the IP addresses or ranges that need it. This helps reduce the risk of unauthorized users or devices reaching your network, and the risk of attacks such as denial of service (DoS) or distributed denial of service (DDoS).
Code Example
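```hcl
resource "google_compute_firewall" "restricted" {
  name = "example"
  # Reference the VPC resource attribute; a quoted string would be taken literally.
  network = google_compute_network.vpc.name

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  # Only this address may reach port 80, instead of any source.
  source_ranges = ["172.1.2.3/32"]
  target_tags   = ["ssh"]
}
```
Remediation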
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0964 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GCP_106 |
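
To catch rules of this kind before they are applied, the following added example (not Checkov's implementation of CKV_GCP_106 and not code from this page) scans the JSON form of a Terraform plan for ingress rules that admit TCP port 80 from any source. The plan is a constructed sample; treating `::/0` like `0.0.0.0/0`, accepting protocol number `6` for TCP, and matching port ranges are assumptions of this example.

```python
import json

ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # assumption: source ranges that mean "anyone"

# Constructed sample in the shape of `terraform show -json` output (not from the page).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
 {"address": "google_compute_firewall.open", "type": "google_compute_firewall",
  "values": {"source_ranges": ["0.0.0.0/0"], "allow": [{"protocol": "tcp", "ports": ["80"]}]}},
 {"address": "google_compute_firewall.range", "type": "google_compute_firewall",
  "values": {"source_ranges": ["0.0.0.0/0"], "allow": [{"protocol": "tcp", "ports": ["22", "70-90"]}]}},
 {"address": "google_compute_firewall.restricted", "type": "google_compute_firewall",
  "values": {"source_ranges": ["172.1.2.3/32"], "allow": [{"protocol": "tcp", "ports": ["80"]}]}}
]}}}
""")


def covers_port(spec, port):
    """True if a ports entry such as "80" or "70-90" includes `port`."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def allows_http(allow_block):
    """True if one `allow` block admits TCP port 80."""
    if allow_block.get("protocol") not in ("tcp", "6", "all"):
        return False
    ports = allow_block.get("ports") or []  # no ports listed means every port
    return not ports or any(covers_port(p, 80) for p in ports)


def open_http_rules(plan):
    """Return addresses of ingress firewall rules exposing port 80 to any source."""
    findings = []
    for res in plan["planned_values"]["root_module"].get("resources", []):
        values = res.get("values", {})
        if res.get("type") != "google_compute_firewall" or values.get("disabled"):
            continue
        if (values.get("direction") or "INGRESS") != "INGRESS":
            continue  # source_ranges only apply to ingress rules
        if not ANY_SOURCE & set(values.get("source_ranges") or []):
            continue
        if any(allows_http(a) for a in values.get("allow") or []):
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    print(open_http_rules(SAMPLE_PLAN))
```

Only the root module is inspected; resources declared in child modules appear under `child_modules` in the plan JSON and would need the same walk.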